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ABSTRACT 

A network resource control system allows network users to communicate with network 
resources, and includes a resource registry, an aHminirtration server, a proxy server* a driver 
server, and an authorization server. The resource registry includes resource records which are 
associated with the network resources and define a target address and a resource type for each 
network resource. The administration server is in communication with the resource registry 
and provides the resource administrators of each network resource with access to their 
respective resource records. The proxy server is in communication with the resource registry 
and facilitates data transfer between the network users and the network resources in 
accordance with the resource records. The driver server in c l u d e s driver applications for the 
network resources. The authorization server is in communication with the resource registry 
and the driver server and provides the driver applications to the network users in accord a n ce 
with the resource record. Each driver application includes a resource driver, a driver 
administrator, and a data transmitter. The resource driver facilitates conununicarJon of 
application data between a user application and target network resources. The resource driver 
includes a driver input for receiving the application data and a driver output for providing a 
translation of the application data. The driver administrator is in communication with the 
resource registry and configures the resource driver in accordance with the resource records 
associated with the target network resource. The data transmitter is in communication with 
the driver output and transmits the translated data to the target network resource. 
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NETWORK RESOURCE CONTROL SYSTEM 



FIELD OF TRft INVENTION 

The present invention relates to a method and system for network management system. 
In particular, the present invention relates to a method and system for controlling access 
to network resources. 



10 BACKGROUND OF THE INVENTION 

Local area networks are widely used as a mechanism for making available computer 
resources, such as file servers, scanners, and printers, to a multitude of computer users. It 
is often desirable with such networks to restrict user access to the computer resources in 
order to manage data traffic over the network and to prevent unauthorized use of the 

15 resources. Typically, resource access is restricted by defining access control lists for each 
network resource. However, as the control lists can only be defined by the network 
administrator, it is often difficult to manage data traffic at the resource level. 

Wide area networks, such as the Internet, have evolved as a mechanism for providing 

20 distributed computer resources without regard to physical geography. Recently, the IPP 
protocol has emerged as means to control access to printing resources over the Internet, 
However, the IPP protocol is replete with deficiencies. First, as IPP-compliant printing 
devices are relatively rare, Internet printing is not readily available. Second, although the 
IPP protocol allows user identification information to be transmitted to a target resource, 

25 access to EPP-compliant resources can only be changed on a per-xeeource basis. This 
limitation can be particularly troublesome if the administrator is required to change 
permissions for a large number of resources. Third, users must have the correct resource 
driver and know the IPP address of the target resource before communicating with the 
resource. Therefore, if the device type or the IPP address of the target resource changes, 

30 users must update the resource driver and/or the IPP address of the resource. Also, if a 
user wishes to communicate with a number of resources, the user must install and update 
the resource driver and IPP address for each resource as the properties of each resource 
changes. Fourth, access to IPP printers cannot be obtained without the resource 
adminis trator locating the resource outside the enterprise firewall, or without opening an 

35 access port through the enterprise firewall. Whereas the latter solution provides the 

resource administrator with the limited ability to restrict resource access, the necessity of 
opening an access port in the enterprise firewall exposes the enterprise network to the 
possibility of security breaches. 

40 Consequently, there remains a need for a network resource control solution which allows 
resource owners to easily and quickly control resource access, which is not hindered by 
changes in device type and resource network address, which facilitates simultaneous 
communication with a number of target resources, and which does not expose the 
enterprise network to a significant possibility of security breaches. 



-1- 



4P (JUWWMjS 



SUMMARY OF THE INVENTION 

According to the invention, there is provided a network resource control system and 
method system which addresses deficiencies of the prior art 

5 

The network resource control system, according to a first aspect of the present Invention, 
allows network users to communicate with network resources, and comprises a resource 
registry, an administration server, and a proxy server. The resource registry includes 
resource records which are associated with the network resources and define a target 
10 address and a resource type for each network resource. The administration server is in 
communication with the resource registry and provides the resource administrators of 
each network resource with access to their respective resource records. The proxy server 
is in communication with the resource registry and facilitates data transfer between the 
network users and the network resources in accordance with the resource records. 

15 

The network resource control system, according to a second aspect of the present 
invention, allows network users to communicate with network resources, and comprises a 
resource registry, a driver server, and an authorization server. The resource registry 
includes resource records which are associated with the network resources and define & 
20 target address and a resource type &r each network resource. The driver server includes 
driver applications for the network resources. The authorization server is in 
communication with the resource registry and the driver server and provides the driver 
applications to the network users in accordance with the resource records for facilitating 
data transfer between the network users and the network resources. 

23 

The network resource control system, according to a third aspect of the invention, allows 
network users to communicate with network resources located behind an enterprise 
firewall, and comprises a proxy server, and a polling server. The proxy server is located 
outside the enterprise firewall and receives application data ftom network users. The 
30 polling server is located behind the enterprise firewall and is configured to poll the proxy 
server for initiating transmission of the received application data from the proxy server to 
the polling server. 

Jhe network resource control system, according to a fourth aspect of the present 
35 invention, is associated with a resource registry having resource records associated with 
network resources tor allowing network users to communicate with the network 
resources, and comprismg a resource driver, a driver administrator, and a data transmitter. 
The resource driver facilitates communication of application data between a user 
application and target network resources. The resource driver includes a driver input for 
40 receiving the application data and a driver output for providing a translation of the 

application data. The administrator is in communication with the resource registry for 
configuration of the resource driver in accordance with the resource records nflmiatod 
with the target network resource. The data transmitter is in communication with the 
driver output for transmitting the translated data to the target network resource. 
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The network resource control method, according to a fifth aspect of the invention, 
facilitates communication between network users and network resources, and comprises 
the steps of: 

providing a resource registry including resource records associated with the 
network resources, the resource records including user access control data; 

receiving user access control data from administrators of the network resources 
for incorporation into the resource records; and 

depending upon the user access control data received, configuring the network 
users for communication with the network resources 



The network resource control method, according to a sixth aspect of the invention, 
facilitates communication between network users and network resources, and comprises 
the stops of: 

receiving a request from one of the network users far communication with a target 
IS one of the network resources; 

obtaining resource configuration data associated with the target one network 
resource; 

determining a user authorization for communication with the target one network 
resource; and 

depending upon the outcome of the user authorization step* verifying a 
correspondence between the resource configuration data and user configuration data 
associated with the one netwofk user. 



The network resource control method, according to a seventh aspect of the invention, 
25 facilitates communication between users of a network and resources in communication 
with the network and comprises the steps of; 

providing a request from one of the network users fin- communication with a 
target one of the network resources; 

receiving from the one network user application data for transmission to the target 
one network resource, and receiving resource network address data associated with the 
target one network resource over a oommunicarions channel secure from the one network 
user; and 

directing the application data over the network in accordance with received 
network address data. 

35 

The network resource control method, according to an eighth aspect of the invention, 
facilitates communication over a nctwoik between users of the network and network 
resources located behind an enterprise firewall, and comprises the steps ot 

polling a proxy server located outside be enterprise firewall for requests for 
40 communication with the network resources; 

receiving application data and associated network resource data from the proxy 
server in response to the poll step; and 

directing the application data to the network resources in accordance with 
associated network resource data; 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The preferred embodiment of Hie invention will now be described, by way of example 
only, with reference to the drawings, in which: 

5 

Fig. 1 is a schematic representation of a network resource control system, according to 
the present invention, showing die resource registry, the administration server, the proxy 
server, the driver server, and the authorization server, and 

10 Fig. 2 is a schematic representation of a driver application for use with the present 

invention, showing the resource driver, the driver administrator, and the data transmitter. 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
IS Turning to Fig. 1 , a network resource control system, denoted generally as 100, is shown 
comprising a resource registry 102, an administration server 104, an authorization server 
106, a number of network resources 108, and a number of network users 1 10. Preferably, 
each network resource 1 08 comprises a printing device, and the network resource control 
system controls access by the network usees 110 and the printing devices. However, it 
20 should be understood at the outset that the invention is not limited to a network printing 
control system, and that the network resource 108 may comprise any of a variety of data 
communication devices, including facsimile machines and image servers. 

The administration server 104, the authorization server 106 and the network resources 
25 108 are available by the network users 110 over a wide area network 112, such as the 
Internet. The resource registry 102 comprises a resource database 1 1 4 which includes 
resource records associated with the network resources 108, and a driver database 1 16 
which includes resource drivers which allow user software applications to communicate 
with the network resources 108. 

30 

Each resource record identifies a target address, resource type and user access level for 
the associated network resource 108. Also, each resource record identifies apseudo- 
name for the associated network resource 108 to identify the network resource to network 
users. Preferably, the pseudo-name is a network alias that identifies the physical location 
35 and properties of the network resource 1 08, but does not identity the network address of 
the resource 108. Further, although each network resource 108 may be defined with a 
unique pseudo-name, a group of network resources 108 may be defined with a common 
pseudo-name to allow communication with a group of network resources 108. 

40 Preferably, the user access Wei comprises one of a) public access" in which any user 
110 of the network 112 can oommunicato with the target network resource 108, b) 
"private access" in which only members of the enterprise associated with the taget 
network resource 1 08 can communicate with the target network resource 1 08, and c) 
"authorized access" in which only recognized users 1 10 cm coznznunicate with the target 



CA 02299824 



network resource 108. Additional infonnation/restrictioi^ may also be 

specified in addition to the foregoing predefined user access levels, For instance, hours 
of operation, data handling capabilities, and resource pricing may also be specified. Also, 
reatricrtions/pennissions may be provided either on a per-user basis, or par-group basis, 

5 

The administration server 104 provides resource administrators with access to the 
resource registry 102 to facilitate updating of the target address, resource type, user 
access level and infonnation^estricdoas^ennissions identified in the resource records of 
the resource database 114. In the case of network resources 108 configured for 

1 0 authorized access, the administration server also alio wb the resource administrators to 
specify a resource name and password for each network resource 108. As will be 
appreciated, this mechanism allows the resource administrator to make adjustments, such 
as to pricing and page limit, in response to demand for the network resources 1 08, and to 
make adjustments to rcstrictions/penniBaoiis/passwords to thwart unauthorized access to 

15 the network resources 108. 

Preferably, the administration server 104 provides controlled access to the resource 
database 1 14 so that the resource administrator of a particular network resource 1 08 is 
only allowed access to the resource records associated with the resource administrator's 
20 network resources 1 08. 

As discussed above, the driver database 1 16 includes resource driven to allow user 
application software to communicate with the network resources 108. As shown in Fig. 
2, when a network user 1 10 is setup to communicate with a target network resource 108 

25 (to be described below), the network communication devioe of the network user 1 10 is 
configured with a driver application 200 comprising a resource driver 202 from the driver 
database 1 16, and a wrap-around driver layer 204. The wrap-around driver layer 204 
includes a front-end layer 206, an administrator layer 208, and a data transmitter layer 
210. The front-end layer 296 is in communication with the network user application 

30 software and the resource driver 202, and typically only passes application data from the 
application software to the resource driver 202. The administrator layer 208 
communicates with die resource registry 102 over die Internet 1 12 and the target network 
resources 1 08 to ensure that die driver application 200 is properly configured for 
communication with the target network resources 108. The data transmitter layer 210 is 

35 in communication with the resource driver 202 and is configured to transmit the data 
oulput from the resource driver 202 over the Internet 1 12 to the target netwoik resources 
108. 

The authorization server 106 is in communication with the resource database 1 14 and the 
40 driver database 1 16 for providing the network users 1 10 with the wrap-around driver 

layer 204 and with the resource drivers 202 appropriate for the target network resource* 
108. Preferably, the authorization server 106 is configured to provide the data transmitter 
layer 210 with the network address of the target network resource 108, over a 
communication* channel secure from the network user 1 1 0 so that the network address of 
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the target network resource 108 is concealed from the network user 110. In the case 
where tho network 112 comprises the Internet, preferably the secure communications 
channel is established using SSL protocol. 

5 Typically, each network resource 108 comprises an IPP-complituit printer. However, as 
discussed above, other data communication devices, such as facsimile machines, image 
servers and non-IPP-compliant printers, may be used in addition to or in replacement of 
an EPP-compliant printer. In the case where the network resource 108 comprises an IPP- 
compliant device, the network address of the network resource 108 comprises the 

10 network resource IPP address* However, in the case where the network resource 108 
comprises a non-IPP-compliant device and the network 1 12 comprises the Internet, 
preferably the network resource 1 08 is linked to the network 1 1 2 via a server, and the 
networic addnss of tile network resource 108 is the TP address of the saver. 

1 5 Typically each network user 110 communicates to the network resources 1 08 using a 
communication device, such as a personal computer, linked to the network 1 12. 
However, the network users 1 10 may also communicate to the network resources 108 
using other communications devices, such as wireless telephones, pagers or personal data 
assistants. 

20 

To facilitate communication with network resources 108 located within an enterprise 118 
behind tho enterprise firewall 120, as shown in Fig. 1, preferably the network resource 
control system 100 also includes a proxy server 122 located outside the enterprise 
firewall 120, and a polling server 124 located behind the firewall 120 within the 
25 enterprise 118. Preferably, the proxy server 122 is located on-site at the enterprise 1 18, is 
provided with a network address correspondiiig to the enterprise 1 18, and includes a 
queue for receiving application data. However, the proxy server 122 may also be located 
off-site, and may be integrated with the authorization server 106 if desired. 

30 Typically the enterprise 118 includes a server 126 for communication with the network 
resources 108 located behind the firewall 122. The polling server 124 is in 
communication with the enterprise server 126 for comnnmication with the network 
Tesourccs 108 located within tho enterprise 118. The polling server 124 is configured to 
poll the proxy server 1 22 through the firewall 120 to detennine whether application data 

35 is waiting in the queue of the proxy server 122. However, as will be ^predated, the 
proxy server 122 and the polling server 124 may be eliminated, if desired, and a port 
provided within the firewall 120 for communication with the network resources 108 
located behind the firewall 120. 

40 Preferably, the network resource control system 100 also includes a transaction server 
1 26 and an archive server 130 accessible over the network 1 12 via the administration 
server 104. The transaction server 128 is in cornmumcationwitotheau 
106 for keeping track of each communication request between a network user 1 10 and a 
network resource 108. For each transmission, typically die transaction server 118 
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maintains records of the originator, recipient, date, time and file size of the transmission. 
The archive server 130 is configured to retain copies of the application data transmitted, 
for a specified period. The network user 1 10 may specify whether the transmitted 
application data is to be archived, and the archive period, during a user registration step, 
5 described below. 

Preferably, the administration server 104 provi&s controlled access to the transaction 
server 128 and the archive saver 130 so that only the network users 110 which originated 
transmission of the application data is allowed access to any information associated with 
10 the transmission. 

To communicate with a network resource 108, preferably the network user 110 first 
selects a target network resource 108, and configures hs computer for communication 
with file target network resource 108. The network user 110 may also register itself with 

15 the administration server 104, by specifying any required information, including the 
network user's name, physical address, and e-mail address. The network user may also 
sped fy that an e-mail notice should be sent to the network user 110 after a successful 
transmission of application data to the target network resource 1 08, and whether 
archiving of the application data is desired. However, the registration step is optional and 

20 maybe dispensed with if desired. 

If no network resource 108 has been selected, the network user 110 queries the 
administration server 1 04, via its Internet browser, for a list of available network 
resources 108. The network use: query may be based upon any desired criteria, including 

25 print turn-around time and page size (where the target network resource 108 is a printer), 
price, and geography. In addition, the network user 1 1 0 may provide the administration' 
saver 104 with the geographical coordinates of the network user 110 in order to 
determine the network user's nearest network resources. The ability to specify the 
geographical coordinates of the network user 1 10 is particularly advantageous if the 

30 communication device of the network user 1 10 is a wireless telephone, pager or personal 
data assistant- In this latter variation, the administration server 104 may be provided with 
die network user's geographical coordinates through any suitable mechanism known to 
those skilled in the art; including latitude/longitude co-cntlinates, GPS, and wireless 
triangulation- 

35 

Preferably, a network user 1 10 will only be provided a list of pseudo-names associated 
with each network resource 108 satisfying the designated search criteria. Further, 
typically the pseudo-name list will only identiiy network resources 1 08 registered for 
public access. However, if the network user 1 1 0 identifies itself as a registered user by 
40 entering a usernaroe and password provided affile time of registration, the pseudo-name 
list will also Identify nctwgric resources 108 which have been registered for authorized 
access and to which the network user 1 10 is authorized to communicate- Also, if the 
network user 1 10 is member of an enterprise 118, the pseudo-name list will also identify 
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network resources 108 which have been registered by the enterprise 1 18 for private 
access. 

Upon receipt of die resource list, the network user 1 10 selects a target network resource 
5 108 fiom tbo fist The administration server 104 then queries the network titer's network 
communication device to determine whether the communication device has been 
configured with the appropriate resource driver 202 for communication with the target 
network resource 108 and, if not, prompts die network user 1 10 to download the 
necessary resource driver 202. 

10 

Once the network user 108 desires to communicate with a target network resource 108. 
the network user 110 transmits a communication request via its application software to 
the driver application 200. The front-end layer 206 of the driver application 200 receives 
the application data, and passes it to the resource driver 202 for processing. In addition, 
1 5 if the network user 1 10 has not previously selected a network resource 108, the front-end 
layer 206 contacts the administration server 104 over the Internet 1 1 2 and prompts the 
network user 1 10 to select a network resource 108, as described above. 

The fremt-end layer 206 also notifies the administrator layer 208 of the driver application 
20 200 of the print request The administrator layer 208 then provides the authorization 
server 106 with a request for printing to a target network resource 10B. Typically, the 
administrator layer 208 provides the authorization server 106 with the pseudo-name 
associated with the target network resource 108, a network user identifier, and a resource 
driver configuration identifier. The authorization server 106 then queries the resource 
25 registry 102 with the pseudo-name of the target network resource 108 for the associated 
resource record. The authorization server 106 extracts the user access level ftom the 
resource record, and based on the network user identifier, deteanines whether the 
network user 1 10 is still authorized to communicate with the target network resourcel08- 
If die network user 1 10 is sdll authorized, the authorization server 106 then provides the 
30 administrator layer 208 with the network address of die target network resource 108. In 
the case of a network resource 108 configured for authorized access, the authorization 
server 106 also provides the adnmristrator layer 208 with the resource name and 
password associated with the network resource 1 10. 

35 The administrator layer 208 then queries the network resource 108 over the Internet 112, 
using the received network address, to determine whether the target network resource 108 
stiJireeides at the specified ui^ The 
authorization server 106 also extracts the resource type fiom die resource record, and 
based on the resource driver configuration identifier, doteraunes whether the network 

40 user 1 1 0 is still configured for communication with the target network resource 1 1 0. If 
die network user 110 no longer has the correct resource driver 202, die authorization 
server 106 queries the driver database 1 16 for the correct resource driver 202, and 
prompts the network user 1 10 to download the resource driver 202. This driver 



-8- 



CA 02299824 



WIS 



configuration verification step may be performed concurrently or consecutively with the 
network, address providing step described in the preceding paragraph. 

Meanwhile, the resource driver 202 translates the application data into a format suitable 
5 for use by the target network resource 108, and then passes the translated data to the data 
transmitter layer 210 of the driver application 200. Preferably, the data transmitter layer 
210 compresses and encrypts the translated application data upon receipt The data 
transmitter layer 210 also receives the network address of the target network resource 108 
from the driver administrator layer 208, and transmits the compressed, encrypted data 
10 over the Internet 112 to the target network resource 108, 

If the resource administrator has defined the user access level of the target network 
resource 108 to allow public access to the network resource 108, preferably the target 
network resource 108 is accessible through a local server which serves to queue, decrypt 
15 and decompress die application data prior to transmission to the target network resource 
108, Alternately, the target network resource 108 itself may bo configured for 
transmission over the Internet 112, such as an IPP-capable printer, so that the target 
network resource 108 prints the application data directly. 

20 If the resource administrator has defined the user access level of the target network 

resource 108 to allow only private enterprise-based access to the network resource 108, 
the proxy server 122 located outsido the enterprise firewall 120 receives the application 
data, and transfers the application data to the proxy server queue. The polling server 124 
located behind the enterprise firewall 120 periodically polls the proxy server 122 to 

25 determine the status of file queue. Upon receipt of a polling signal from the poUing 
server 124, the proxy server 122 transmits any queued application data from the proxy 
server queue, through the enterprise firewall 1 20, to the polling server 124. The polling 
server 124 then parses the network address associated with the received application data, 
and transmits the application to the appropriate server 126 or network resource 108 for 

30 processing. 

If the resource administrator has defined the user access level of the target network 
resource 1 0B to allow authorized access to the network resource 1 08, preferably the target 
network resource 1 08 is accessible through a local server which serves to queue, decrypt 
35 and decompress the application data, and extract the resource name and password 
transmitted along with the application data. The local server then transmits the 
application data to the appropriate network resource 108 if the received resource "» ttt-> 
and password are valid. 

40 Regardless of the user class defined for a network resource 108, if the resource 

administrator relocates the target network resource 1 08 to another network address, 
and/or changes the device type ancVOT restrictions^ of the network resource 

108 v the resource administrator need only update the resource record associated with the 
network resource 1 08 to facilitate cumununioation with the network resource 108. 

-9- 
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Subsequently, when a network user initiates communication with the network resource 
108 with the original pseudo-name, the authorization server 106 provides the 
administrator layer 208 with the updated netwoik address of the network resource 108, or 
prompts the user 1 10 to download the appropriate resource driver 208, if the network user 
5 110 is still authorised to communicate with the network resource 1 08. 

In the ease of network resource 108 configured for authorized access, if the resource 
administrator desires to change the device name and password associated with die 
network resource, the resource administrator need only update the device name and 

10 password provided on the resource record. Subsequently, when a network user 110 
initiator conmnmication with the network resource 108 with the original pseudo-name, 
the authorization server 106 provides the administrator layer 208 with the updated 
resource name and password of the network resource 108, if the network user 1 10 is still 
authorized to communicate with the network resource 108. A network user 110 who is 

IS not authorized to communicate with the target network resource 108, will not receive the 
updated device name and password fiom the authorization server 106 and, consequently, 
will not be able to communicate with the target network resource 108, even if the user 
110 knew the network address for the target network resource 108. 

20 The following pages identify further details and benefits of the preferred embodiment. 
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IOVERVIEW 

A mechanism for easily Identifying, controlling, and using personal contact 
information is disclosed. The first embodiment of this method is the support of remote 
printing devices available through the Internet or internal Intranets is disclosed. A Global 

5 Registry is used to control access to and catalog User contact information and Internet 
Printer Protocol ready printers as veil as Proxy enabled standard printers. The invention 
uses the Global Registry to broker interactions between the users, their contact 
information, including the available printers. The invention includes the use of a wrapper 
layer of software around standard O/S print drivers to allow current application 

10 technology to be Internet print enabled. The user of the invention is shielded from the 
complexity and risks of maintaining the current status of those wishing to contact them 
directly or by printing to a remote printer across the Internet. The providers of the 
remote printers are shielded from the risks of providing access to their printers and 
network resources. 

15 

2Global Registry 



The Global Registry is a central location on the Web that allows Users to register 
personal information, including physical location, phone numbers, cell phones, pagers, 
faxes, internet aware printers and other information* This registered information is 

20 protected by passwords, known only to the person registering the information 
(registrant). The registrant identifies a list of other registrants of the Global Registry that 
they grant access to, and what aspects, of their personal information that they grant that 
permission. This permission is also password controlled, and can be limited by factors 
such as date, elapsed time or access count. The depth and type of information revealed to 

25 other registrants can also be controlled on an individual basis. For Instance contact 
information granted to family members could be different from that granted to co- 
workers or customers. 

The registrant can update the contact information at the central registry whenever any 
aspect of their contact information changes. These changes are then automatically updated 
30 for the other registrants who have been granted access to this information, when they 
establish contact with the central registry. This gives the registrant a single location to 
update information, ensuring that those granted permission to contact them, can always 
get current information. 

The first implementation of the method disclosed, is the printerQn System, which is 
35 designed to manage and control contact to individuals and organizations through internet 
enabled printers and fax machines. This same method is applicable to other contact 
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information such, as email addresses, pager numbers, physical location, phone numbers 
and other information the registrant might wish to share. 



3printerOn Overview 



3.1 printtbrQn 

printerOn is the name of a system of Web based components and drivers that allow 
current, normal, commercially available Applications to gain controlled, protected 
printing across the Internet to remote printers. PrinterOn is a sample implementation of 
the Global Registry method- 

iB.2 PrintrrOm Maim Pr>MPnvpMT<: 

Registration Server - The Registration Server is a Web Server site that supports the 
registration of Printers and Users as well as the definition of User or Printer groups. It 
also provides a portal for the provision of advertisement information and sale of 
merch andise to the registered base of users for any services or products of interest to the 
15 users. 

N*flK SffYCT - The Name Server is a Web Server that supports the identification of 
the appropriate printer BP address for the use of the printerOn Driver and the validation 
of the User's privileges 

PrinterOn Prfrff - The Driver h a Client Application that looks like a standard 
20 device driver that encapsulates the actual printer driver on that O/S, and provides services 
to route the print stream to Internet Printers. 

PWXY SffYff • The Prosy Server is a Web Server that supports the spooling, 
encryption and compression of printer data streams to the appropriate printer IP address 
for the use of the printerOn IPP Print Server. 

25 GfoW Pmt fagirtry * The PrinterOn Global Print Registry is a repository for all 

of the registered Printers and Users that controls and grants permissions to the users of 
the system phased on the PrinterOn printer settings. The Registry is based on a database 
model with the accompanying Active Server Pages controlling the transactions. 

3.3 PMrfTERONRFmsTRATinN^YBR 
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The PrinterOn Registration Server supports the registration of bothprinters and users 
into tke PrinterOn system. The registration of a user consists of entering information such 
as their Name, e-mail address, real address and the IP identification of their device. 

The Registration Server is the main Web interface between Users and the PrinterOn 
5 system 

The registration of a printer, consists of identification of the user defined Printer Alias 
Name, the TP address of the printer, the PrinterOn class of the printer (Public, 
Authenticated Public, or Private), and if the printer has been identified as Private, who 
is allowed to print to the registered printer. 

iM PrinterOn Name Server 

The PrinterOn Naxnc Server provides several services to the PrinterOn System in 
direct communication with the PrinterOn Driver. 

In the normal printing process the Name Server would respond co a request for the 
address of the Printer Alias with a resolved IP address and DNS for the printer, if 
15 it was available to that user. If they were a registered user they could see the Public and 
Authenticated Public printers in the Registry, filtered as they saw fit. The user could only 
get a response to a private printer if they were on the list of users associated with that 
private printer or had access to the printer account and password of the private printer. 

3.5 PrinterOn Drivers 
acs.l Global Print Driver 

The PrinterOn Global Print Driver is a code wrapper that encapsulates a Standard 
O/S Printer driver with a layer that communicates through a standard Port to the Web. 
The driver supports the IPP standard protocol and the interaction with the Name Server. 

The Global Print Driver is composed of four parts, the Driver Control, the Port 
25 Monitor, the IPP printer communication and the IPP print server data stream control. 

The novel item is the implementation of a printer driver that passes information 
through to a Standard O/S Printer driver, while making use of communication with a 
Website. 

A method of controlling the processing or printing requests to a Windows 95, 98 or 
30 NT print driver by encapsulating a standard Windows print driver, with a layer that 
functions as aprint driver at the interface, but, allows for control of the print data stream 
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being passed to windows. This allows for additional processing of the data stream after ix 
has been passed to the driver layer by any 'Window* application and also the addition of 
information or redirection of the print driver output from a local printing process to a 
remote IPP printer. 



355.2 Universal Print Driver 

The PrintexOn Universal Print Driver adds a set of standard O/S Printer drivers built 
into the driver layer itself, that support the basic data streams for printing to a wide range 
of printing devices. The idea here is that the printer driver can not only handle control 
and permissions in a Web environment, but also support printing capabilities to a range 
10 of printers without the user needing to install driven for those printers locally by 
themselves. 

3.6 PrtmtrrOnj Proxy Server 

The printerOn Proxy Server is the provision of IPP services to those users who do not 
wish to expose their IPP printers outside of a firewall, it also provides services to those 
IS who do not have IPP enable printers or servers, but, wish to receive prints over the 
Internet. 

The Proxy server has three components in the design of this subsystem. The first 
component is an add-on part of the PrinterOn Driver. This part allows for the 
compression and/or encryption of a data stream in the pass-through printer component 
20 of the Global or Universal PrinterOn print drivers. 

The second component of the PrinterOn Proxy is a Web location associated with the 
printerOtL.net site that i dentifie s a queue for the printerOn Proxy Printer. The queue is 
monitored by the printerOn Print Server and if data appears in the queue, the Server 
initiates a download of the data from behind the firewall, at the printer location. This 
25 solution means that Administrators can provide the services of an IPP printer without 
opening a port through the Firewall of their network. 

Hie third component of the printerOn Proxy is die printerOn Print Server that is 
located at the site of the Proxy Printer. This server supports the decryption and expansion 
of the data stream being spooled from the Proxy Queue and then passes this to the printer 
30 connected to the server. This means that data streams that are IPP compliant as well as 
others may serviced by printing devices that do support the IPP capabilities. 
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3.7 Registry 

3.7.1 Global Print Driver Registry 

The Global Print Registry is the database of registered Primers and Users that 
comprise the printerOn system. The level of indirection provided by this registry 
5 allows for the insertion of many services and capabilities not supported by standard 
IPP printers or other Internet printing solutions. The use of both User and Printer 
Masts means that the actual physical connection or the physical device behind that 
alias con be moved, reconfigured or changed without rhangi'ng the appearance of the 
alias at the user leveL The Administrator of the system can modify and maintain a 

10 distributed group of printers over the Internet, simply by accessing the single registry 
location. The use of die alias also ensures that the publication of the address on a 
website, business card or directory is a viable alternative as the alias is controlled and 
mapped to the changing network underneath. Even physical location can be easily 
changed. This means that printing can work at the same virtual portal Style that users 

15 hove come to expect from browser access to the Web. 

The use of printer IDs and user Ids in the system! in conjunction with passwords, 
means that the use of the internet printers can be controlled, and modified from the 
same central registry. 

20 



4printerOn Process Discussion 
4,1 REGISTERING A FfrTNTBE 
4.1.1 Registration of an IPP Printer 

25 PrinterOn as asystemisenntered around the internet pmter. T Jnlflcp systems 

that focus on the user and permissions PrinterOn is unique in that it is printer centric. 
The printer u i given an identification and is registered m a cenrj^ 
security and if necessary, a list of users that may be granted permission by the printer 
itself, to use the printer. This is a unique level of active security to control the use of the 

30 printers. To accommodaie this level of security, printers that have an IPP interface must 
be registered within the PrinterOn system. This registration is entirely in the control of 
the Administrator of the printer, both in initiating the registration and in 1™;™;^ ^ fa 
nature and type of printer at that location. 
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The PrinterOn Printer Registration consists of fields such as: 
The unique printer identification 
The Organization and location 
Printer's printerOn Alias 
The Printer's IP Address 
The Printer's URL 

PrinterOn printer type (public, public authenricaied, private) 
Pen Mapping Parameters for printerOn 
Printer Model and Make 
10 • Printer Driver URL 

Administrator ID and Email 
Administrator Password 



15 



20 



25 



Once a printer has been registered, if It has been identified as a Private Printer, 
additional information on the Registrants that can locate and use that printer can be 
entered. These Registrants must be registered users of the printerOn System with entries 
in the Global Print Registry. Once the Registrants have been identified as having access 
to the Private Printer, then they can use this printer as any other printer. The access to 
the Private Printer can also be controlled by individual passwords for each of the 
Registrants. The major advantage of this system is that the printer Administrators can use 
the Global Print Registry to control access and use of Private Printers through a single 
central location. The only other alternative for control of access to IPP enabled printers 
is through password control on the individual IPP servers, which must be configured 
individually on each of die servers locally This gives Administrators the ability to control 
a geographically dispersed set of Private Printers quickly and easily. 



1 1.0.1 Registration of a Non-IPP Printer 
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If the user has a printer thai does not have an IPP Server or is not enabled with IPP 
technology, the printerOn system provides the ability to provide on IPP Proxy for 
connected printers. If the user registers a printer and identifies it as a non-IPP printer, the 
printerON.net site can provide a printing queue to store and process data transmitted 
across the internet. If users of the prinierOn system print to that printer the Proxy 
services in the printerOn Print Driver ire enabled and the data is known to be being 
transmitted to a non-IPP printer and is routed to the printerOn.net site. From there the 
data is queued and sent on to a printerOn Proxy print server located at the non-IPP 
printer's location. This Print Server then formats the data stream and forwards the 
information to the printer. 

H.0.2 Printer Groups 

The printerOnxom interface allows for the registration of a Croup of Registered 
Printers. This Printer Group consists of a series of printers that have been registered in the 
Global Print Registry associated and given an Alias by the User. This grouping of 
Registered Printers gives the user of the system the ability to print to a set of IPP Printers 
simultaneously, through their standard printing intftrfare. The user simply fHimrifi*t the 
printerOn Printer Group as their printer in their application printing dialog, and the 
resultant print is sent to all of the Registered Printers in that group. 

If the Group of Registered Printers includes Fax locations, those faxes will be 
simultaneously sent along with the prints to the appropriate fax machine. This means that 
printers and faxes can be mixed within a single information exchange. If there are several 
fax locations, these can be routed to a fax distribution center for further forwarding to the 
actual fax devices. 



1L0.3 Registrant Groups 

The printerOn.com interface also allows for the registration of a Grouping of 
Registrants. This would enable work groups or company divisions to identify a group of 
people that could as a class, be granted access permission to a given Private Printer. 



PrinterOn Overview 
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The users of the printerOn system most register with the Global Print Registry to 
ensure T> fl t they con use the full features of the printerOn system. Users log onto the 
printerOu.com website and enter the User Registration information to ensure the 
printerOn system can recognize them and identify which printing capabilities are available 
to them. If Users do not register, then tbey can only use the Public Printers listed in the 
registry. Once the users nave registered they are considered to be Registrants in the 
printerOn system and can have access to Authenticated Public printers and those private 
printers that they hove been granted access to. 

The data captured during the printerOn Registration of a User such as; 

10 • A unique User Registrant identifier 

A Registrant name 

An address 

A valid email address 

An assigned Registrant password, emailed to the above address. 
15 • Default printerOn settings 
A fax alias 
A phone number 
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81 PIMHIMG A PRINTER 

8.1.1 When Printing 

5 When the user identifies that they wish to print from an application using the 

printerOn driver, the can either identify the printer from eheir favorites list, type in the 
Printer Alias or invoke the Search Browser to look for a printer in the Global Print 
Registry, 

Once the user has identified the printer they wish to use, the printers characteristics 
10 are checked co determine if the user has a printer driver for that device, if the printer is 
online through an IPP status check and if the user has permission to print to thai device. 

If the user has the appropriate driver and permission, the prinxerOn Printer will 
become the default printer for that application and workstation, ready for printing. 

For Registrants of the printerOn system who wish to use advanced search techniques 
15 during a printing job searches can be done by available printer types, geographic location, 
delivery capability, job quality or by a reverse bidding process. This reverse bidding 
process consists of comparing Registered Printer capabilities and pricing with the 
Registrants request for services and providing the Registrant with a best fit solution. 

8.1.2 WhenOniinetoprinterOn,com 

20 When the user is accessing pxinterOn.com they have the ability to search for printers 
available to them, they can search either geographically, by printer model or by printer 
type and permissions. 

The user also has the ability to undertake the same advanced searching techniques for 
printing resources that ate available from the printerOn Driver interface. These can 
25 involve determination of the best price for a printing job, the closest geographic location, 
perhaps fastest delivery or closest match to the required capabilities. 

Once they have located a printer, they can choose to add this printer to their List of 
Favorites in the printerOn Driver. 

8,2 Printing a poriiMttMT 
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When the user is printing from an application, they can use the default selection or 
choose a new printer from their favorites or browse the printerOn.net website for a 
printer in the Global Print Registry. 

Once a printer has been identified the printer IP address is communicated in an 
5 encrypted message to the printerOn Driver and the user may print to this Remote Printer. 
When the print is initiated the printerOn driver will communicate with printerOn.net 
to ensure thai the permissions and printer status and location are valid. 

If the response to the communication indicates that the printer has been changed, the 
printerOn driver will check the local system for an appropriate printer driver for the 

10 newly installed printer. If it is not available then the printerOn driver will request a copy 
of the appropriate driver from printerOn.net. If the printer driver is not available at the 
printerOn.net she, the printer Administrator will be notified and the Registrant will be 
asked to find a copy of the appropriate driver- If the driver is available, then the printerOn 
Driver w31 download it to the Registrants machine and continue with the printing 

15 request. 

The printerOn Driver then allows the data stream from the application to pass- 
through to the printer model device driver for processing. Once this is completed the 
printerOn driver then gets the data stream from the driver and packages it up into an IPP 
data stream or a Proxy data stream for a non IPP printer. The IPP layer of the printerOn 
20 driver then initiates an IPP session with the actual remote printer confirms it's status and 
sends the data. The driver then in parallel, sends a transaction record to printerOn.net to 
record the printer usage and statistics such as number of pages, transmission time and 
other statistics for accounting and administration purposes. 



25 9IDENTIFIED VERTICAL MARKET APPLICATION FOR 

PrinterOn 



9.1 Overview qf applications 

• Universal Use - Hie Universal use applications are those that are generally 
applicable to all printing applications. 

30 • Wireless Applications - The Wireless applications are those services and 
capabilities that enhance the use of wireless devices. Such as interactive pagers or 
cellphones 



-22- 



CA 02299824 



• Fax Substitution - The Far Substitution is the provision of services that will 
supplement or replace the normal fax transmission process. 

• IPP Server Enhancement - The IPP Server Enhancement applications are services 
and capabilities that expand the use and function of the IPP standard printers. 

5 • Reprographics - The Reprographics applications are those that enhance the 
commercial printing and services market. 

5 A UhfflVERSMiUSS 



5.1.1 Hotel Guest Printing 

For business travelers who need printed data, but do not bring printers with them, 
10 hotdscanregisteranIFPpiinterwtthprinterQn.net. When a guest arrives at the 
hotel, he or she can be assigned a valid printerOn userlD and password by a Printer 
Administrator at that Hotel through the printerOn.com Website, that will allow 
access to the hotel printer for the duration of the guest's stay. printerOn will broker 
access to the printer in such a manner that it remains secure. printerOn can provide 
15 the hotel with the option of tracking printer usage for guest billing purposes. Guests 
can print from their rooms through dial-up internet connections using printerOn.net, 
and pick up their output at the front desk. If they wish they can also print a cover page 

on each of their print jobs, identifying who the print is to go to. 

■ i * - 

20 Once the guest has been registered with printerOn.com their access to the printer will 
be automatic for the duration of the configured access, lie printerOn driver will 
substitute the password for the primer into the print request from the guest's 
application. The hotel can then get a record of the guest's printing activity for billing 
purposes. 

25 
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5.1.2 White Pages 

printerOa.net will act as a search engine for IPP print addresses, allowing users to 
always locate the appropriate device even as servers and printers are being replaced or 
moved. Organizations can update the parameters for registered printers at 
printerOn.nct to minirniy^ disruptions, in service for those authorized to access their 
printers. This means that system administrators can reconfigure or replace physical 
printers, while retaining the permissions, passwords and Printer Aliases for the 
Registrants. The Registrants will not necessarily even be aware that the physical 
printer that they use has been changed- 

5. 1.3 Dbtwbution Groups 

printerOn allows the creation of a logical Printer Group, so that users can send a copy of 
a document to a number of people or printers in one step. By printing to the group, a 
copy of the printout is automatically duplicated by the printerOn Print Driver by 
recursively printing and sending to each device belonging to the group. The standard Print 
Driver needed to print to each member of the group will be detected and inserted as in the 
single device printerOn process. 

5.1 .4 Paid-For-Papers 

printerOn.net can broker physical prints of an organization's purchased reports 
directly to a consumer's output device, saving the time and cost of shipping hardcopy 
versions. There is no inter mediatej electronic form that may be copied, and the report 
is available immediately* 

The provider of the reports, can request the IP address of the customers printer, or ask 
that the customer register the printer as Private, Then the provider can print to the 
printer, with a record of the transaction being available to show delivery. 
If the person requesting the print wishes, thcycan have the print stream information 
forwarded to a local printing shojj to be pickrf up or forwarded. 

301.5 Print/Fax Archival 

For clients who require records of fazes or IPP prints, but lack document archival 
software, printerOu-net can host a copy of print jobs for a period of tunc The prints 



can be regenerated or retrieved oil Remind by those with suitable password access. 
printerOn-net will also work closely document management companies to provide 
similar capabilities for larger organfoflfinns with a higher degree of IT strategy. This 
capability can be supported by the printerOn system, because the printerOn driver is 
capable of producing multiple renditions of a single print request, one of which can be 
routed to an archival process. 



5.1.6 FOLLOW-ME POINTER 

i 

Registering with printerOn ensures that faxes or prints always reach recipients who 
change their locations. Corporations can be certain that output will find traveling, 
former, or vacationing employees, and can also redirect prints for absent employees to 
suitable alternates* An individual registers a virtual IPP address with printerOn. This 
virtual IPP address is the one they pepose to the world. As they change locations, as 
the Administrator of their printcrithey can visit the printerOn Web site and redirect 
their virtual IPP device to the IP address of the physical prim device at their current 
location. 



5,2 VHRELESS AmiCATIQN 



5.2.1 Printing Wj^eubss EMAIL 

For business travelers who rcceivej'frman, printerOn will have integrated solutions 
with wireless data services that alhpw the recipient to print a copy of the message on an 
IPP printer. The wireless user cad* specify the printer they want to use! or can rely 
upon printerOn services to locate a suitable printer based upon geographic location 
and other requirements. Geographic location may bt established by several means, 
including GPS, wireless cell triangdlorion, or manual entry. 



EMAIL 4 



5.2.2 Obtaining EMAIL Attachments 

E-mail attachments can be printedj.dBrectly to'printen rather than opened in the 
programs they were created in. WMless devices, such as Internet-enabled cell phones 
and wireless modems or pagers, can 'thus alert the user of a receive attachment 
without needing to deliver the contends to the device. The business traveler can request 
that the e-mail be forwarded to pzlntcrOn.net with a request to output the message and 
attachment on a hardcopy printer} This hardcopy may be a fax Tyig ^ ;no < public, 
private or Virtual IPP printer. printerOn will also be able to obtain the geographic 
coordinates of a wireless device either from a GPS or cell phone locating service to 
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automatically route the prints to the qearest printer, or provide tke user with a list of 
nearest printers to choose from. 

5t3 Fax Substitution ; 

t ii 

5a3.i Improved FaSISig 

i . 

printerOnjiet can replace faxes, withj'high quality prints that retain fine details 
traditionally lost using fax machines* An IPP printer can be registered along with the 
fax numbcr(s) for which it is a substitute. Clients con cross-reference these fax 
numbers (which are commonly avilibk) into* IPP print addresses to send high quality 
fax-equivalents to business partnenl £rinterOn.uei is capable of determining when a 
fax number does not have an IPP equivalent, and dropping into standard fax mode 
under these circumstances. .[ 

l *j 

If numerous real fax locations are identified, then faxes can be routed to a fax 
15 distribution center for forwarding.* • 

5.4 IPP STPRVPTt FUHAWflg 



10 



5.4.1 IPP Printer A^afieb. 

printerOn can create virtual IPP pointers for companies whose printers art not IPP 
20 compliant, or who lack the expertise! jto set up an IPP device. Corporations receive an 
application that runs on their WiaMw% NT, 2300, or Linux print servers that allows a 
printer to behave as a virtual IPP fjrinter when used in conjunction with 
printerOn.net. This application conjmunicates with the printerOn Web site to 
convert IPP print requests from aqy:spuree into a print request for non-IPP printers. 
25 ! J* ' 1 

5A2 Pen Mapping! j|. 

TlieprmteipnDrivercreatesa) 
to the Print Driver Interface to any) Mseveral standard or custom definitions. This means 
that the color of the object* can be mapped to ibther colon or grayscale, the thickness of 
30 lines can be mapped, the fill patterns used can be modified or mapped to color or grayicale 
Ells. In theprmterOn system, bee^ the driver knows the capability of the final printing 
device, the printerOn driver can automatically map the data input from the Application 
to an appropriate output stream firjthar printing device, without any modifications or 
intervention with the originating Application. ^ the printing device is a black and white 
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printer, colon can be mapped to grayscale fiUi;or patterns. If the resolution of a primer 
is leas than the original data, then fill patterns can be modified to accommodate the lower 
resolution. 



10 



15 



20 



25 
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IPP Firewall 



GE 



For companies with security concejru over "pushing" data through their firewalls, 
printerOn can expose a printer withqtat opening a port in the firewall. This is 
accomplished by an application on ^tjjfe company's server that "polls" the printerOn 
service to identify when a print request has been made, h then pulls that data securely 
through the firewall, rather than allowing it to : be pushed through. 

5.4.4 IPP Data OF^|jizATipN 

To decrease the use of expensive orjslpw Internet bandwidth, printerOn offers a 
service/product combination that will optimize data transfer for IPP print 
applications. The printerOn driver on compress the print data stream before 
transmission. printerOn software bn the receiving IPP server performs 
complementary decompression to ; Mtovide the necessary print data to the printer. The 
printerOn driver will "handshake"; with the riant server to establish if this service is 
available on the printer, and automatically use Jtt when appropriate, 

it: i: 

3.4.5 IPP DATA QufeLpi 

To reduce printing bottlenecks ca4|a, by slow Internet connections or large print jobs, 
the printerOn Prosy provides a seryjjee in which the printerOn.net Web site can 
respond with a "ready" signal to arWipne wanting to print to an IPP printer. printerOn 
will then queue the data and ensure bansmisslpn of the print request once the printer 
becomes available. |. 



5.4.6 



IPP DNS 



For smaller organizations re m 
3 0 remote printer access), printerO 



tornain Name Server support (a requirement for 
will act .as a global DNS. This will simplify the 



process and reduce the cost of eacpdstag IPP printers for the average company lacking 
the technical expertise or the fitiatirfal rationale for building a DNS. 
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5.4.7 



if; 



Print Identification! 



To provide some concert lor die pi 
text on the printed document or 
destination of the document. This 
such as the rime, dace, who printed 
document. 



5.4.8 Print AuTHEi ificATiiDN 



. i Hi 



r 

i transaction, printerOn can either place header 
i£6 a coijir sheet to identify die source and 
it header; |or cover sheet con include information 

% document, and who is expected to receive die 



printerOn can verify the authem 
key encryption, and other acee^ 
reliance on courier and fax trani 
recipient of a print job is able ro 
printerOn.net registry. Reprints d i 
for a period of time, and audit trail ( 



5,4.9 Printer acc$ 



pof a prir ^submission through passwords^ public 
■ m e cha nism s. This further reduces the 



l as a means of validating transactions. A 
: docum sat validity according to the 

1 if authenticated documents are retained 
; available permanently. 




flagged, and e-mail notification* c4u 
checking. { 



To help organizations monitor cos n jjooables aUil track costs among departments, 
printerOn.net can record all prints r juxivity bf! user, account code, and printer. 
Customized reports for auditing pj x }oses can'be generated, unusual print behaviors 

nnJ ■ ■■■nil ^isrifinf>ir!M»* ^ »L ' t r. ^ k t 1 ~J 1 «_ t _ , i * 



5.4.10 Printer Use 

Critical documents can be primed!) 
slow data transfer. The printerOn| 
printerOn users to whom they < 
a user that is identified as being J 
servicing, or may even terminate 
printer owner's configuration. 



h sent tcj a designated contact when supplies need 



5 .4.11 Paper Size F iiinauNJB 



, rather [than be delayed by long print jobs or 
i aUcjws the printer owner to identify 

Pgrvepjfiority access. A print request from such 
ority ftftll be given preference for next 
5-empt) t j[c current print job depending upon the 
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opposed to what page sizes axe 
are actually installed in the device 
ensure that the user has constrain 
condition from occurring. Alt" 
che print job so that it fits on the w 

Note that similar applications 
and white printing, and folding (i 



To ensure that the correct paper sizjp. or the re note printer is selected by users, the 
owner of the registered printer can |d ^tify to irinterOn what page sizes are valid (as 

lUy possible). Typically, these are the sites that 
ten prinipgfrom the printexOn driver, we will 
' r pape ^election to a valid size to prevent this 
y, pria jcrOn can automatically scale (or resize) 
ujlable pap sr. 

i . (• 

tdr media (paper, vellum, mylar etc), color/black 
pund is, fold type, etc). 



5,4.12 Automatic: 

printer On will ensure that the p 
thereby prevent the user from pr 
Global Print Registry allows air 
can install or use on appropriate 
driver, the system will autoi 
the global registry database, 
entirely block the print attempt. 



5.4,13 NOTIFICAIION AND 




To eliminate uncertainty, 4 

successfully, and can inform the 
The system can be configured to 
notifications and receipts. TypicL. 
the physical location and URL of 
for whom it was printed. 
Upon completion of a print, the 
site to record the statistical data n 
creating e-mail notifications and r< 
may request a receipt in the print 
a receipt if they have configured 
is generated if the user has enti 

driver. A printer owner cane 

notification, or receive nodficatio: 
requested. 



Dl |VER VAIJDATION 

|nd prii ijer driver are compatible, and will 
Ag incoi 'rtct output. To guarantee this, the 
search for a printer to discover its type, so they 
l e driver, furthermore, if you use the printerOn 
check xh [currently selected print driver against 
provide aiwarnlng of incompatibility, or to 



;eepts 



i j f 

|can assuoe/the sender that the document printed 
Siqnt that i document has arrived at their printer, 
or enfcirce the generation of print c-mail 
lob messages would contain information such as 
rjrinter, die number of pages, who printed it, and 

ttanonito^will interact with the printerOn audit 
od to the print job. The audit site is capable of 
tatsincoi^ The user 

fcvir user iflterface, or may choose to always obtain 
Hriccouni Appropriately. A recipient notification 
"jfc^mail i Adress of the recipient in the print 
ijrej their a ijcount such that they always receive 
5- the eve |e that an explicit notification was not 
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1 ifT^^ 




( allowing 
npacting 



while allowing printer owners 
it allows owners to create an alias for 
to a host domain, servers! 
^ and the printerOn driver are 

; fjirinter administrators the freedom to 
published URL printer names. 



rfdespitjp changes i 
ofprinterOn.net 



5.4.14 CONHGXJIU^TIfisf-l^O <$P PRINTER NAMING 



To guarantee the long-term validit 
the freedom to change printer 
a logical primer. This alias 
printers, or server configuration, 
shielded from configuration than; 
modify their environment without] 



5.4,15 Printer: 

For companies concerned about re 
inappropriate use of equipment, i 
printerOn allows the printer 
method is to restrict access to the i 
provides a mechanism for tracking 
behavior. Another unique print* 
"denial" basis. Most access grant 
(printerOn supports this model), 
printer that says "anyone can use 1 
is important since EPP printers pr 
environment is no longer control) 
large. 



jjr^approp: 
* /c6: 
I protoco 
Tealso 
Sprinter 
! anew 
l (as in 



Sated information ("spam") or the 
friesta gcs, pornographic images, etc), 
block this type of behavior. One such 
registered printerOn users. This 
print users, which discourages poor 
the ability to grant access on a 
Identify who is allowed to use a service 
u de a means of controlling access to a 
_ :CEPT for the following users...". This 
problem for primer administrators... the 
acjjrporanon). Rather, it is the world at 



5,5 Reprographics 



or / ei 

5.5.1 Large FoRMfe pIrdt: f Job Submission 



The printerOn driver can asscml 
and apply the appropriate Printei 
the target printer. If the choice of j 
manufacturers control enviri 



| print joba 
obQontrx 

_iitl r 

*p then the printerOn driver can use a different set 

of Job Control codes to match the selected re Bote output device, without user 
intervention. fill! * \\. 



5.5.2 



Printing 



the Application printing process 
spen, depending on the nature of 
;Ou involves the use of a different printer 



COPY SHOPS 



-31 



CA 02299824 



IS 



20 



25 



' printer with prioterOiLnet to serve 



I 

Small print shops, can register a sccra public L r ^ r „ w „ 

customers who lack the equipment t>r skills to glint their specialized documents. The 
customer can then obtain the hardcopy resulttjfrom the print shop. The customer 
would contact the Print Shop, whoJljelU them to use printerOn with a V mt * \'t**i r*A 
UserlD and Password, The custodkr prints us&ig the printcrOn driver on their 
desktop, which interacts with prmmcOa.nct to jndidate and provide a temporary 
access to the Print Shop IPP printetfj ; Once the print job is complete, the access 
expires. jjj' f) 



5t6c3 Print Forwarding 



An application for the remote A 
with good availability to the final 
printer* This means that docuxnen 
establishment near a courier hub 
hardcopy, without the necessity 
It would be printed and distribi 




is ft product hardcopy output at a site 
)Hf tt that destination does not have an IPP 
be i inmed remotely to a printing 

can distribute the resultant 
jup |ke hardcopy and bringing into the hub. 



I may 



The foregoing description is intend^ i 1 
present invention. Those of ordinal f; 

and/or modifications to the describe L 

described homin, ate encompassed | jJthe spirit 
the claims appended hereto. .vj 

J ' ( 

i 




..-Jve of the preferred embodiment of the 
^pvisagc certain additions, deletions 
snt which, although not explio' tly 
or scope ofthe invention, as <*gfi^fd by 
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VE CLAIM: 



1 . A network resource control system^ for 
between network users and network resoi 

a resource registry including resi 
the resource records defining a target 
resource) 

an administration server in corami 
administrators of each said network resi 
records; and 

a proxy server in communication 
transfer between the network men and 
records. 



2, A network resource control 
between network users and network resoi 

a resource registry including 
the resource records defining a target at 
resource; 

a driver server including driver 
an authorization server in 
server for providing the driver application 
resource records for facilitating data 
resources* 

3, A network resource control 
between network users and network res 
network printing system comprising: 

a proxy server provided outside th| 
for printing; and 

a polling server provided within 
polling the proxy server for initiating 
proxy server to the polling server. 

4, A network resource Control 
network printing system being associ 
associated with network resources for 
network resources over the network, 

a resource driver for facilitating 
application and target ones of the netwo 




VIIM7 



allowi c k communication over a network, 
locate i pehind an enterprise firewall* the 

rewall for receiving application data 

Lterpris ;jith* polling server being configured for 
: She received application data from the 




communication over a network, 
>rk printing system comprising: 
exited with the network resources, 
e type for each said network 

the resource registry for providing 
to respective ones of the resource 

registry for facilitating data 

in accordance with the resource 



communication over a network, 
rk printing system comprising: 
tociated with the network resources, 
prce type for each said network 

le network resources; and 
|the resource registry and the driver 
?rk users in accordance with the 
le network users and the network 



communication over a network, the 
i "ce registry including resource records 
jk users to communicate with the 
pfBating system comprising: 

a of application data between a user 
resource driver including a driver 
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input for receiving the application data aac 
application data, 

a driver administrator in com mi 
of the resource driver in accordance with 
network resources! and 

a data transmitter in 
translated data to the target one network 

S. A method for facilitating cc 
network resources, comprising the steps i 

providing a resource registry incluti 
resources, the resource records including 1 

receiving user access control data 1 
incorporation into the resource records; < 

in accordance with the user access < 
communication with the network resourc 



driver oi: 



iththe 
surces* 



aon< 



: for providing a translation of the 

le resource registry for configuration 
cords associated with the target one 

iver output for transmitting the 



network, between network users and 



ag resourc e records associated with the network 
■ access cfptrol data; 

l administrators of the network resources for 
Ltrol datflj configuring the network users for 



6. A method for facilitating cou 
network resources, comprising the s 

receiving a request from one of 1 
of the network resources; 

obtaining resource configuration < 

determining a user authorization ; 
resource; and 

in accordance with the user author 
resource configuration data and user cor 

7. A method for facilitating comzni 
network resources, comprising the steps 

providing a request from one of 
one of die network resources; 

receiving from the one network 
network resource, and receiving resource 
network resource over a oaxnmui 

directing the application data ov< 
address data. 

8* A method for facilitating comm\ 
network resources located behind an entejftroe i 



ion ovcj a network, between network users and 

5rk u * srs for communication with a target one 

l assoriattil with the target one network resource; 

i with the target one network 

on, vei i ying a correspondence between the 
" z -~\d^i associated with the one network user. 

a network, between network users and 

i ten for communication with a target 

n data for transmission to the target one 
data associated with the target one 
from the one network user; and 
in accordance with received network 



fa network, between network users and 
comprising the steps of: 
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polling a proxy server located 
communication with the network resour* 

receiving application data, and assoc 
in response to the poll step; and 

directing the application data to the 
network resource data. 



ftfcentc 




frise firewall for requests for 
resource data from the proxy server 
mrces in accordance with associated 
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